{"id":24698610,"url":"https://github.com/faradayio/credentials_to_env","last_synced_at":"2025-08-23T06:35:36.551Z","repository":{"id":57612387,"uuid":"54547920","full_name":"faradayio/credentials_to_env","owner":"faradayio","description":"Downloads credentials from Hashicorp's Vault, and writes them to env vars and/or files before executing another process.","archived":false,"fork":false,"pushed_at":"2019-02-28T02:52:24.000Z","size":65,"stargazers_count":38,"open_issues_count":2,"forks_count":4,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-05-27T07:12:57.448Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/faradayio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-03-23T09:41:08.000Z","updated_at":"2022-02-03T16:19:18.000Z","dependencies_parsed_at":"2022-08-27T09:51:30.331Z","dependency_job_id":null,"html_url":"https://github.com/faradayio/credentials_to_env","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/faradayio/credentials_to_env","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faradayio%2Fcredentials_to_env","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faradayio%2Fcredentials_to_env/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faradayio%2Fcredentials_to_env/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faradayio%2Fcredentials_to_env/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/faradayio","download_url":"https://codeload.github.com/faradayio/credentials_to_env/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/faradayio%2Fcredentials_to_env/sbom","scorecard":{"id":392709,"data":{"date":"2025-08-11","repo":{"name":"github.com/faradayio/credentials_to_env","commit":"e9edd697303cb651144e5b1e9fa9a74964b204a3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.5,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE-APACHE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE-APACHE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.4.8 not signed: https://api.github.com/repos/faradayio/credentials_to_env/releases/15822873","Warn: release artifact testrel not signed: https://api.github.com/repos/faradayio/credentials_to_env/releases/4108512","Warn: release artifact v0.4.6 not signed: https://api.github.com/repos/faradayio/credentials_to_env/releases/7399646","Warn: release artifact v0.4.5 not signed: https://api.github.com/repos/faradayio/credentials_to_env/releases/7034045","Warn: release artifact v0.4.4 not signed: https://api.github.com/repos/faradayio/credentials_to_env/releases/4794774","Warn: release artifact v0.4.8 does not have provenance: https://api.github.com/repos/faradayio/credentials_to_env/releases/15822873","Warn: release artifact testrel does not have provenance: https://api.github.com/repos/faradayio/credentials_to_env/releases/4108512","Warn: release artifact v0.4.6 does not have provenance: https://api.github.com/repos/faradayio/credentials_to_env/releases/7399646","Warn: release artifact v0.4.5 does not have provenance: https://api.github.com/repos/faradayio/credentials_to_env/releases/7034045","Warn: release artifact v0.4.4 does not have provenance: https://api.github.com/repos/faradayio/credentials_to_env/releases/4794774"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"35 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2021-0093 / GHSA-pqqp-xmhj-wgcw","Warn: Project is vulnerable to: RUSTSEC-2022-0041 / GHSA-qc84-gqf4-9926","Warn: Project is vulnerable to: RUSTSEC-2019-0036 / RUSTSEC-2020-0036 / GHSA-jq66-xh47-j9f3 / GHSA-r98r-j25q-rmpr","Warn: Project is vulnerable to: RUSTSEC-2020-0008 / GHSA-h3qr-rq2j-74w4","Warn: Project is vulnerable to: RUSTSEC-2021-0079 / GHSA-5h46-h7hh-c6x9","Warn: Project is vulnerable to: RUSTSEC-2021-0078 / GHSA-f3pg-qwvg-p99c","Warn: Project is vulnerable to: RUSTSEC-2022-0022 / GHSA-f67m-9j94-qv9j","Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq","Warn: Project is vulnerable to: RUSTSEC-2019-0010 / GHSA-rpcm-whqc-jfw8","Warn: Project is vulnerable to: RUSTSEC-2020-0070 / GHSA-5wg8-7c9q-794v / GHSA-gmv4-vmx3-x9f3 / GHSA-hj9h-wrgg-hgmx / GHSA-ppj3-7jw3-8vc4 / GHSA-vh4p-6j7g-f4j9","Warn: Project is vulnerable to: RUSTSEC-2019-0011 / GHSA-rh89-x75f-rh3c","Warn: Project is vulnerable to: RUSTSEC-2023-0045 / GHSA-wfg4-322g-9vqv","Warn: Project is vulnerable to: RUSTSEC-2020-0080","Warn: Project is vulnerable to: RUSTSEC-2020-0078 / GHSA-458v-4hrf-g3m4 / GHSA-c79c-gwph-gqfm","Warn: Project is vulnerable to: RUSTSEC-2020-0016","Warn: Project is vulnerable to: RUSTSEC-2023-0022 / GHSA-3gxf-9r58-2ghg","Warn: Project is vulnerable to: RUSTSEC-2023-0024 / GHSA-6hcf-g6gr-hhcr","Warn: Project is vulnerable to: RUSTSEC-2023-0023 / GHSA-9qwg-crg9-m2vc","Warn: Project is vulnerable to: RUSTSEC-2023-0044","Warn: Project is vulnerable to: RUSTSEC-2023-0072","Warn: Project is vulnerable to: GHSA-q445-7m23-qrmw","Warn: Project is vulnerable to: RUSTSEC-2024-0357","Warn: Project is vulnerable to: RUSTSEC-2025-0004","Warn: Project is vulnerable to: RUSTSEC-2022-0040 / GHSA-9qxh-258v-666c","Warn: Project is vulnerable to: RUSTSEC-2019-0035 / GHSA-mmc9-pwm7-qj5w","Warn: Project is vulnerable to: RUSTSEC-2022-0013 / GHSA-m5pq-gvj9-9vr8","Warn: Project is vulnerable to: RUSTSEC-2023-0018 / GHSA-mc8h-8q98-g5hr","Warn: Project is vulnerable to: RUSTSEC-2023-0081","Warn: Project is vulnerable to: RUSTSEC-2019-0012 / GHSA-69gw-hgj3-45m7","Warn: Project is vulnerable to: RUSTSEC-2019-0009 / GHSA-mm7v-vpv8-xfc3","Warn: Project is vulnerable to: RUSTSEC-2018-0018 / GHSA-55m5-whcv-c49c / GHSA-66p5-j55p-32r9","Warn: Project is vulnerable to: RUSTSEC-2021-0003 / GHSA-43w2-9j62-hq99","Warn: Project is vulnerable to: RUSTSEC-2018-0017","Warn: Project is vulnerable to: RUSTSEC-2022-0006 / GHSA-9hpw-r23r-xgm5","Warn: Project is vulnerable to: RUSTSEC-2020-0071 / GHSA-wcg3-cvx6-7396"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T18:12:46.872Z","repository_id":57612387,"created_at":"2025-08-18T18:12:46.872Z","updated_at":"2025-08-18T18:12:46.872Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271745679,"owners_count":24813521,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-23T02:00:09.327Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-27T04:29:29.767Z","updated_at":"2025-08-23T06:35:36.507Z","avatar_url":"https://github.com/faradayio.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `credentials-to-env`: Fetch secrets from Hashicorp's vault or elsewhere before `exec`ing a program\n\n[![Latest version](https://img.shields.io/crates/v/credentials_to_env.svg)](https://crates.io/crates/credentials_to_env) [![License](https://img.shields.io/crates/l/credentials_to_env.svg)](http://www.apache.org/licenses/LICENSE-2.0) [![Build Status](https://travis-ci.org/faradayio/credentials_to_env.svg?branch=master)](https://travis-ci.org/faradayio/credentials_to_env)\n\n[Static binary releases](https://github.com/faradayio/credentials_to_env/releases)\n\nDo you have a pre-existing program that assumes that it will receive\nsecrets in either environment variables or files on disk?  Would you like\nto convert that program to work with Hashicorp's [Vault][]?\n\nFirst run:\n\n```sh\ncargo install credentials_to_env\n```\n\nThen create a file named `Secretfile` explaining where in Vault the\nindividual secrets can be found:\n\n    # Set environment variables based on Vault secrets.\n    DOCKER_HUB_USER secret/docker_hub:user\n    DOCKER_HUB_PASSWORD secret/docker_hub:password\n    DOCKER_HUB_EMAIL secret/docker_hub:email\n\n    # Create SSL key files based on Vault secrets.\n    \u003e$HOME/.docker/ca.pem secret/docker:ca_pem\n    \u003e$HOME/.docker/cert.pem secret/docker:cert_pem\n    \u003e$HOME/.docker/key.pem secret/docker:key_pem\n\nFinally, prefix the invocation of your program with `credentials-to-env`:\n\n```sh\ncredentials-to-env myprogram arg1 arg2\n```\n\nThis will automatically fetch secrets from Vault (or any other backend\nsupported by [credentials][]) and write them to the specified environment\nvariables or files.\n\nYou can also override `credentials-to-env` by passing in the secrets\nyourself, which is handy if you call `credentials-to-env` inside a Docker\ncontainer, but want to temporarily override the secrets you'd get from\nVault.\n\n## Development notes\n\nPull requests are welcome!  If you're not sure whether your idea would fit\ninto the project's vision, please feel free to file an issue and ask us.\n\n**To build, you'll need to set up your OpenSSL paths first,** as described\nby the [Rust OpenSSL](https://github.com/sfackler/rust-openssl#osx)\nproject.\n\n**To make an official release,** you need to be a maintainer, and you need\nto have `cargo publish` permissions.  If this is the case, first edit\n`Cargo.toml` to bump the version number, then regenerate `Cargo.lock`\nusing:\n\n```sh\ncargo build\n```\n\nCommit the release, using a commit message of the format:\n\n```txt\nv\u003cVERSION\u003e: \u003cSUMMARY\u003e\n\n\u003cRELEASE NOTES\u003e\n```\n\nThen run:\n\n```\ngit tag v$VERSION\ngit push; git push --tags\ncargo publish\n```\n\nThis will rebuild the official binaries using Travis CI, and upload a new version of\nthe crate to [crates.io](https://crates.io/).\n\n[Vault]: https://www.vaultproject.io/\n[credentials]: http://docs.randomhacks.net/credentials/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffaradayio%2Fcredentials_to_env","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffaradayio%2Fcredentials_to_env","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffaradayio%2Fcredentials_to_env/lists"}